path: root/ipapython
Commit message | Author | Age | Files | Lines
* Allow to run subprocess with supplementary groups | Martin Basti | 2015-07-07 | 1 | -5/+21
  Param suplementary_groups allows to specify list of group names to be used for subprocess. suplementary_groups param requires runas param to be specified.
  Required for ticket: https://fedorahosted.org/freeipa/ticket/4657
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* ipa-replica-manage del: relax segment deletion check if topology is disconnected | Petr Vobornik | 2015-07-03 | 1 | -2/+9
  https://fedorahosted.org/freeipa/ticket/5072
  Reviewed-By: David Kupka <dkupka@redhat.com>
* ipalib: Load ipaserver plugins when api.env.in_server is True | Jan Cholasta | 2015-07-01 | 1 | -1/+0
  https://fedorahosted.org/freeipa/ticket/3090
  https://fedorahosted.org/freeipa/ticket/5073
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* topology: check topology in ipa-replica-manage del | Petr Vobornik | 2015-06-29 | 1 | -0/+73
  ipa-replica-manage del now:
  - checks the whole current topology (before deletion), reports issues
  - simulates deletion of server and checks the topology again, reports issues
  Asks admin if he wants to continue with the deletion if any errors are found.
  https://fedorahosted.org/freeipa/ticket/4302
  Reviewed-By: David Kupka <dkupka@redhat.com>
* install: Fix logging setup in server and replica install | Jan Cholasta | 2015-06-12 | 1 | -1/+16
  https://fedorahosted.org/freeipa/ticket/4468
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Update PKCS#11 mechanism constants for AES key wrapping to PKCS#11 v2.40. | Petr Spacek | 2015-06-11 | 1 | -2/+2
  SoftHSM 2.0.0rc1 was updated to these new constants to avoid collision with Blowfish mechanisms.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: Allow setting usage in CLI tools | Jan Cholasta | 2015-06-10 | 1 | -4/+8
  https://fedorahosted.org/freeipa/ticket/4468
  Reviewed-By: David Kupka <dkupka@redhat.com>
* install: Add support for positional arguments in CLI tools | Jan Cholasta | 2015-06-10 | 1 | -34/+106
  https://fedorahosted.org/freeipa/ticket/4468
  Reviewed-By: David Kupka <dkupka@redhat.com>
* install: Handle Knob cli_name and cli_aliases values consistently | Jan Cholasta | 2015-06-10 | 1 | -5/+6
  https://fedorahosted.org/freeipa/ticket/4468
  Reviewed-By: David Kupka <dkupka@redhat.com>
* install: Introduce installer framework ipapython.install | Jan Cholasta | 2015-06-08 | 7 | -1/+1082
  https://fedorahosted.org/freeipa/ticket/4468
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: Move private_ccache from ipaserver to ipapython | Jan Cholasta | 2015-06-08 | 1 | -0/+24
  https://fedorahosted.org/freeipa/ticket/4468
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Add profile_id parameter to 'request_certificate' | Fraser Tweedale | 2015-06-04 | 1 | -0/+2
  Add the profile_id parameter to the 'request_certificate' function and update call sites.
  Also remove multiple occurrences of the default profile ID 'caIPAserviceCert'.
  Part of: https://fedorahosted.org/freeipa/ticket/57
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Import included profiles during install or upgrade | Fraser Tweedale | 2015-06-04 | 1 | -2/+5
  Add a default service profile template as part of FreeIPA and format and import it as part of installation or upgrade process.
  Also remove the code that modifies the old (file-based) `caIPAserviceCert' profile.
  Fixes https://fedorahosted.org/freeipa/ticket/4002
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Add certprofile plugin | Fraser Tweedale | 2015-06-04 | 1 | -9/+20
  Add the 'certprofile' plugin which defines the commands for managing certificate profiles and associated permissions.
  Also update Dogtag network code in 'ipapython.dogtag' to support headers and arbitrary request bodies, to facilitate use of the Dogtag profiles REST API.
  Part of: https://fedorahosted.org/freeipa/ticket/57
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* client-install: Fix kinits with non-default Kerberos config file | Jan Cholasta | 2015-05-21 | 1 | -3/+18
  https://fedorahosted.org/freeipa/ticket/4808
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* allow to call ldap2.destroy_connection multiple times | Petr Vobornik | 2015-05-07 | 1 | -1/+1
  A regression fix.
  Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* point the users to PKI-related logs when CA configuration fails | Martin Babinsky | 2015-04-29 | 1 | -0/+4
  This patch adds an error handler which prints out the paths to logs related to configuration and installation of Dogtag/CA in the case of failure.
  https://fedorahosted.org/freeipa/ticket/4900
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Make lint work on Fedora 22. | David Kupka | 2015-04-27 | 1 | -0/+1
  pylint added 'confidence' parameter to 'add_message' method of PyLinter. To be compatible with both, pre- and post- 1.4 IPALinter must accept the parameter but not pass it over.
  Also python3 checker was added and enabled by default. FreeIPA is still not ready for python3.
  Additionally, a few false positives were marked.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* speed up indirect member processing | Petr Vobornik | 2015-04-27 | 1 | -0/+2
  the old implementation tried to get all entries which are member of group. That means also user. User can't have any members therefore this costly processing was unnecessary.
  New implementation reduces the search only to entries which have members.
  Also page size was removed to avoid paging by small pages (default size: 100) which is very slow for many members.
  https://fedorahosted.org/freeipa/ticket/4947
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove Editable DN and DN component classes | Petr Viktorin | 2015-04-23 | 1 | -287/+16
  Make all DNs, RDNs and AVAs immutable.
  Immutability makes reasoning about DN-handling code easier, as value objects can't be changed once created.
  Instead of mutable DNs, one can use a list (or even a generator) of RDNs that's converted to a DN on output.
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipautil: new functions kinit_keytab and kinit_password | Martin Babinsky | 2015-04-20 | 1 | -17/+54
  kinit_keytab replaces kinit_hostprincipal and performs Kerberos auth using keytab file. Function is also able to repeat authentication multiple times before giving up and raising Krb5Error.
  kinit_password wraps kinit auth using password and also supports FAST authentication using httpd armor ccache.
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Simo Sorce <ssorce@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* ldap: Remove IPASimpleLDAPObject | Jan Cholasta | 2015-04-16 | 1 | -105/+0
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Use SimpleLDAPObject instead of IPASimpleLDAPObject in LDAPClient | Jan Cholasta | 2015-04-16 | 1 | -2/+2
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Move schema handling from IPASimpleLDAPObject to LDAPClient | Jan Cholasta | 2015-04-16 | 1 | -280/+261
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Use LDAPClient instead of IPASimpleLDAPObject in LDAPEntry | Jan Cholasta | 2015-04-16 | 1 | -4/+7
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Move value encoding from IPASimpleLDAPObject to LDAPClient | Jan Cholasta | 2015-04-16 | 1 | -133/+80
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Use LDAPClient bind and unbind methods in IPAdmin | Jan Cholasta | 2015-04-16 | 1 | -19/+16
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Add bind and unbind methods to LDAPClient | Jan Cholasta | 2015-04-16 | 1 | -0/+35
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Use LDAPClient connection management in IPAdmin | Jan Cholasta | 2015-04-16 | 1 | -12/+3
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Add connection management to LDAPClient | Jan Cholasta | 2015-04-16 | 1 | -9/+64
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Remove unused IPAdmin methods | Jan Cholasta | 2015-04-16 | 1 | -8/+0
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Drop python-ldap tuple compatibility | Jan Cholasta | 2015-04-16 | 1 | -66/+3
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* User life cycle: allows MODRDN from ldap2 | Thierry Bordaz | 2015-04-16 | 1 | -6/+23
  enhance update_entry_rdn so that it allows moving an entry to a new superior
  https://fedorahosted.org/freeipa/ticket/3813
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* performance: faster DN implementation | Petr Vobornik | 2015-04-14 | 1 | -297/+294
  DN code was optimized to be faster if DNs are created from string. This is the major use case, since most DNs come from LDAP.
  With this patch, DN creation is almost 8-10x faster (with 30K-100K DNs).
  Second major use case - deepcopy in LDAPEntry is about 20x faster - done by custom __deepcopy__ function.
  The major change is that DN is no longer internally composed of RDNs and AVAs but it rather keeps the data in open ldap format - the same as output of str2dn function. Therefore, for immutable DNs, no other transformations are required on instantiation.
  The format is:
    DN: [RDN, RDN,...]
    RDN: [AVA, AVA,...]
    AVA: ['utf-8 encoded str - attr', 'utf-8 encode str -value', FLAG]
    FLAG: int
  Further indexing of DN object constructs an RDN which is just an encapsulation of the RDN part of open ldap representation. Indexing of RDN constructs AVA in the same fashion.
  Obtained EditableAVA, EditableRDN from EditableDN shares the respected lists of the open ldap repr. so that the change of value or attr is reflected in parent object.
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Always reload StateFile before getting or modifying the stored values. | David Kupka | 2015-03-18 | 1 | -2/+11
  This change does not solve using multiple instances of StateFile concurrently because there is no use for it in near future.
  Instead this solves an issue of losing records when more instances of StateFile are interleaved in sequential code.
  https://fedorahosted.org/freeipa/ticket/4901
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Timeout when performing time sync during client install | Nathan Kinder | 2015-03-16 | 1 | -1/+11
  We use ntpd now to sync time before fetching a TGT during client install. Unfortunately, ntpd will hang forever if it is unable to reach the NTP server.
  This patch adds the ability for commands run via ipautil.run() to have an optional timeout. This capability is used by the NTP sync code that is run during ipa-client-install.
  Ticket: https://fedorahosted.org/freeipa/ticket/4842
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Fix dead code in ipap11helper module | Martin Basti | 2015-03-11 | 1 | -7/+3
  https://fedorahosted.org/freeipa/ticket/4657
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* p11helper: clarify error message | Petr Spacek | 2015-03-06 | 1 | -1/+3
  https://fedorahosted.org/freeipa/ticket/4657
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* p11helper: use sizeof() instead of magic constants | Petr Spacek | 2015-03-06 | 1 | -6/+10
  https://fedorahosted.org/freeipa/ticket/4657
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* p11helper: standardize indentation and other visual aspects of the code | Petr Spacek | 2015-03-06 | 1 | -589/+744
  https://fedorahosted.org/freeipa/ticket/4657
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Remove unused method from ipap11pkcs helper module | Martin Basti | 2015-03-06 | 1 | -51/+0
  Ticket: https://fedorahosted.org/freeipa/ticket/4657
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Fix memory leaks in ipap11helper | Martin Basti | 2015-03-06 | 1 | -117/+194
  Ticket: https://fedorahosted.org/freeipa/ticket/4657
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNSSEC add support for CKM_RSA_PKCS_OAEP mechanism | Martin Basti | 2015-03-06 | 1 | -3/+73
  Ticket: https://fedorahosted.org/freeipa/ticket/4657#comment:13
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add a clear OpenSSL exception. | Simo Sorce | 2015-02-23 | 1 | -0/+3
  We are linking with OpenSSL in 2 files, so make it clear we intentionally add a GPLv3 exception to allow that linking by third parties.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* Prevent install scripts fail silently if timeout exceeded | Martin Basti | 2015-02-12 | 1 | -1/+1
  socket.timeout() exceptions need description, otherwise no error message is printed on console.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Fix reference counting in pkcs11 extension | Martin Basti | 2015-02-10 | 1 | -28/+25
    * removed unneeded reference increment
    * added increment of Py_None
  Part of ticket: https://fedorahosted.org/freeipa/ticket/4657
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipapython: Fix incorrect python shebangs | Tomas Babej | 2015-01-26 | 10 | -10/+3
  Make sure shebangs explicitly reference python2.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNSSEC: fix root zone dns name conversion | Martin Basti | 2015-01-23 | 1 | -0/+3
  Root zone was represented as '@', which was incorrect. ksmutil did not accept it. Now root zone is represented as '.'
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* baseldap: Handle missing parent objects properly in *-find commands | Tomas Babej | 2015-01-13 | 1 | -1/+1
  The find_entries function in ipaldap does not differentiate between a LDAP search that returns error code 32 (No such object) and LDAP search returning error code 0 (Success), but returning no results.
  In both cases errors.NotFound is raised. In turn, LDAPSearch commands interpret NotFound exception as no results.
  To differentiate between the cases, a new error EmptyResult was added, which inherits from NotFound to preserve the compatibility with the new code.
  This error is raised by ipaldap.find_entries in case it is performing a search with and the target dn does not exist.
  https://fedorahosted.org/freeipa/ticket/4659
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Using wget to get status of CA | Martin Basti | 2014-12-10 | 1 | -7/+11
  This is just workaround
  Ticket: https://fedorahosted.org/freeipa/ticket/4676
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>